{"id":1789,"date":"2023-03-02T20:49:22","date_gmt":"2023-03-03T01:49:22","guid":{"rendered":"https:\/\/enterpriseadmins.org\/blog\/?p=1789"},"modified":"2023-03-02T20:49:22","modified_gmt":"2023-03-03T01:49:22","slug":"keep-it-secure-automate-skyline-collector-admin-password-changes","status":"publish","type":"post","link":"https:\/\/enterpriseadmins.org\/blog\/scripting\/keep-it-secure-automate-skyline-collector-admin-password-changes\/","title":{"rendered":"Keep it secure: Automate Skyline Collector admin password changes"},"content":{"rendered":"\n

Too frequently I login to my Skyline Collector and am immediately required to change the password. Follow along with me as I explain how I figured out how to use automation to reduce the frustration of this process.<\/p>\n\n\n\n

The Skyline Collector admin password will expire every 90 days. Because it’s not necessary to login to the collector frequently, it is common that when I do login, I’m force to immediately change the password. I began looking for an option to change this password programmatically, thus enabling the ability to schedule a task that would update the password before it expired, preferably every 30 days or so. That way when I go to login the password doesn’t need to be immediately changed and I can move along with my task.<\/p>\n\n\n\n

Finding the API method<\/h3>\n\n\n\n

To find the API method being used, I opened the developer tools in my browser, switched to the Network tab, then began watching the monitor while I changed the admin password for my Skyline Collector. When I clicked the button to change password, the ‘request URL’ on the Headers tab shows that the method called is \/api\/v1\/auth\/update?auto=false<\/code> (picture below):<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

On the ‘Payload’ tab I can see the JSON body that was posted to the \/api\/v1\/auth\/update<\/code> method in the request URL (from the above screenshot). The request body looks like this:<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Write a Script to Automate the Password Change<\/h3>\n\n\n\n

Knowing the API method called as well as the details of the payload gives us the details that we need to write some code. We could use any tool\/language, but having a prefernce towards PowerShell I chose that path. The below example does just that — and the results showed Password updated successfully<\/code>!<\/p>\n\n\n\n

$serverName = 'h027-skyline-01.lab.enterpriseadmins.org' # variable for Skyline Collector name\/IP.\n$changePassBody = @{'username'='admin'; 'oldPassword'='VMware1!'; 'newPassword'='VMware2!'} # JSON payload\n# Following line will use variables above to POST the request\nInvoke-RestMethod -method POST -Uri \"https:\/\/$serverName\/api\/v1\/auth\/update?auto=false\" -Body ($changePassBody | ConvertTo-Json) -ContentType \"application\/json\"\n\n# Output of Invoke-RestMethod from above\nmessage\n-------\nPassword updated successfully.\n<\/code><\/pre>\n\n\n\n
With this test successful, I tested the code against a collector appliance with an expired password and it worked there also. <\/p>\n\n\n\n
It\u2019s outside of the intent of this brief article but to have this be a complete solution, the remaining tasks to fully automate this process would include:\u00a0<\/p>\n\n\n\n